Random traffic outage between Check Point machine and 3rd party Cluster after a fail-over
Symptoms
  • Random traffic outage when a fail-over occurs in 3rd party Cluster in the following topology:
    [Check Point machine on Gaia OS / SecurePlatform OS] --- [3rd party Cluster, e.g., Citrix NetScaler cluster]

  • Traffic capture on Check Point machine during the 3rd party Cluster fail-over shows the following chain of events:
    1. Traffic is sent from Check Point machine to 3rd party Cluster to the correct MAC Address
    2. Fail-over occurs in 3rd party Cluster
    3. 3rd party Cluster sends Gratuitous ARP frames (either GARP Reply, or GARP Request) to announce a new MAC Address associated with 3rd party Cluster
    4. Check Point machine keeps sending traffic to the previous MAC Address of 3rd party Cluster (the newly announced MAC Address is "ignored")
  • Output of the Clish command "show arp dynamic all", or of the Expert mode command "arp -a", after the 3rd party Cluster fail-over shows that the newly announced MAC Address of 3rd party Cluster is not added to the ARP table.

  • Setting the value of "/proc/sys/net/ipv4/conf/all/arp_accept" to 1 in Gaia OS / SecurePlatform OS kernel resolves the issue only if 3rd party Cluster sends Gratuitous ARP frames of type "Gratuitous ARP Reply" (ARP OpCode = 2):
    [Expert@HostName]# /sbin/sysctl -w net.ipv4.conf.all.arp_accept=1

Cause

Gratuitous ARP frames are discarded by the Gaia OS / SecurePlatform OS kernel.
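To tell from a traffic capture which type of Gratuitous ARP the 3rd party Cluster sends (the Reply / Request distinction in the Symptoms above), the frames can be classified as in the following added example, which is not part of the original article. The function names, the sample frames and the sample ARP cache are constructed for illustration.

```python
import socket
import struct

def parse_garp(frame: bytes):
    """Return (opcode, ip, mac) for a gratuitous ARP frame, else None."""
    off = 12
    if frame[off:off + 2] == b"\x81\x00":          # skip one 802.1Q VLAN tag
        off += 4
    if frame[off:off + 2] != b"\x08\x06" or len(frame) < off + 30:
        return None                                # not ARP, or truncated
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[off + 2:off + 10])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or op not in (1, 2):
        return None                                # only IPv4-over-Ethernet ARP
    sha, spa, _tha, tpa = struct.unpack("!6s4s6s4s", frame[off + 10:off + 30])
    if spa != tpa:                                 # gratuitous: sender IP == target IP
        return None
    return op, socket.inet_ntoa(spa), sha.hex(":")

def diagnose(frames, arp_cache):
    """Compare each GARP announcement with the cached ip -> mac entries."""
    findings = []
    for op, ip, mac in filter(None, map(parse_garp, frames)):
        cached = arp_cache.get(ip)
        findings.append({
            "ip": ip,
            "announced_mac": mac,
            "type": "GARP Reply" if op == 2 else "GARP Request",
            "cache_stale": cached is not None and cached.lower() != mac,
            "arp_accept_enough": op == 2,  # per this article: helps only for opcode 2
        })
    return findings

def build_garp(op, mac, ip, vlan=None):
    """Construct a sample gratuitous ARP frame (test data, not a capture)."""
    sha, spa = bytes.fromhex(mac.replace(":", "")), socket.inet_aton(ip)
    tag = b"" if vlan is None else struct.pack("!HH", 0x8100, vlan)
    eth = b"\xff" * 6 + sha + tag + b"\x08\x06"
    return eth + struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, op, sha, spa, b"\x00" * 6, spa)

# Constructed sample: one cached entry, then a GARP Reply and a tagged GARP Request.
ARP_CACHE = {"192.0.2.10": "00:00:5e:00:53:01"}
SAMPLE = [
    build_garp(2, "00:00:5e:00:53:02", "192.0.2.10"),
    build_garp(1, "00:00:5e:00:53:02", "192.0.2.10", vlan=100),
]

if __name__ == "__main__":
    for finding in diagnose(SAMPLE, ARP_CACHE):
        print(finding)
```

A finding with "cache_stale" set and type "GARP Request" corresponds to the case where, per the Symptoms, setting arp_accept to 1 does not resolve the issue.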

